Re: [HACKERS] TODO list updated
Bruce Momjian <pgman@candle.pha.pa.us>
From: Bruce Momjian <pgman@candle.pha.pa.us>
To: The Hermit Hacker <scrappy@hub.org>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T17:25:21Z
Lists: pgsql-hackers
> On Thu, 13 Jan 2000, Tom Lane wrote: > > > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > >> You can't securely do > > >> echo $PASSWORD | backend > > >> or > > >> echo $PASSWORD > allegedly-secure-temp-file > > > > > This is secure. echo is a shell builtin, and does not invoke a separate > > > process with arguments. > > > > echo is a builtin in ksh and derivatives, but I don't think it's safe > > to assume it is a builtin everywhere... > > bash-2.03$ which echo > /usr/slocal/bin/echo > which is an external program looking for another external program. From bash: #$ type echo echo is a shell builtin #$ which which /usr/bin/which -- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026